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REMARKS - REASONS FOR REVIEW 



Claims 1-78 are pending in the application, and all of the claims stand rejected under 
35 U.S.C. 103(a) based on a combination of references. Specifically: 

• Claims 1, 3-10, 12-20, 22-29, 31-38, 40-49, 51-59, 61-69 and 71-78 stand 
rejected as being unpatentable over Wood (US Patent No. 6,668,322 Bl) in 
view of Zhao (US Patent 6,035,404). 

• Claims 2, 1 1, 21, 30, 39, 50, 60 and 70 stand rejected as being unpatentable 
over Wood in view of Zhao and Gupta (US Patent No. 6,226,752). 

Applicant respectfully seeks review and reversal of the rejections on the grounds that 
there is a clear deficiency in the Examiner's prima facie case in support of the rejections. To 
be as concise as possible, the following remarks will focus on applicant's claim 1 and the 
rejection based on the combined disclosures of Wood and Zhao. 

Claim 1 reads as follows: 

A method for performing user and session management over a 
computer network, comprising: 

receiving a first request from a user for an application instance, the 
request including a single identifier used to identify both a session and 
a user for all user requests without further user and session 
application variables; and 

transmitting an application instance response to the user based on 
stored user and session system information. 

The examiner has stated that that Wood is "silent on a single identifier used to 
identify both a session and a user," but contends that Zhao cures this deficiency of Wood. 
Applicant has argued that the combination of Zhao and Wood is improper because Wood 
teaches away from from the use of a single identifier as recited by claim 1 . 

The examiner responds to applicant's arguments by stating that Wood teaches the 
claimed method, including the request including a single identifier for all user requests 
without further user and session application variables. 1 This assertion is confusing in view of 



1 See para. 2 on p. 2 of the Final Rejection dated May 31, 2006: 

Wood teaches the method, comprising receiving a first request from a user for an 
application instance (user request for information resources/applications, see columns 4, 
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the examiner's concession that Wood is "silent" in this respect. Moreover, in the same 
paragraph, the examiner contends that "it is old and well known in the art to identify both a 
session and a user by a single identifier." The purported reason for this is that it "has the 
advantage of allowing flexible control of user logins and session information thereby 
enhancing security of the system." Then, the examiner cites to Zhao as teaching "a user 
access system including a single identifier used to identify both a session and a user for all 
user requests." 

Thus far, the rationale supporting the combination of Wood and Zhao is unclear. The 
examiner has not, we respectfully submit, stated a good reason why a person of ordinary skill 
in the art would have been motivated, or found it obvious, to modify Wood to include a 
"single identifier" as recited in claim 1 . 

Further on in the Final Rejection, the examiner rejects claims 1, 7 and 9, and this time 
the examiner again states that Wood "is silent on on a single identifier used to identify both a 
session and a user." Here again, the examiner proposes to combine Wood and Zhao, the 
rationale being that the combination would thereby ehance the security of the system. 

But why would the system described by Wood need security enhancements of this 
kind? Why would the skilled artisan be motivated to make this combination? We respectfully 



lines 60-67 and column 5, lines 1-9), the request including a single identifier for all user 
requests without further user and session application variables (i.e., a user providing a 
unique session identifier, that is used for access requests to multiple applications) 
[column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]. Furthermore, it is old 
and well known in the art to identify both a session and a user by a single identifier, 
which has the advantage of allowing flexible control of user logins and session 
information thereby enhancing security of the system. For example, Zhao teaches a user 
access system including a single identifier used to identify both a session and a user for 
all user requests (i.e., see for example, Session ID associated with IUID & Start Time and 
Time out) [column 5, lines 39-67 and figure 6] 
2 See pp. 3 - 4 of the Final Rejection, in para. 6: 

Wood is silent on a single identifier used to identify both a session and a user. However, 
it is old and well known in the art to identify both a session and a user by a single 
identifier, which has the advantage of allowing flexible control of user logins and session 
information thereby enhancing security of the system. For example, Zhao teaches a user 
access system including a single identifier used to identify both a session and a user for 
all user requests (i.e., see for example, Session ID associated with IUID & Start Time and 
Time out) [column 5, lines 39-67 and figure 6]. Both Wood and Zhao teach a method for 
performing user and session management. It would have been obvious to one having 
ordinary skill in the art at the time of applicant's invention to employ the teachings of 
Zhao within the system of Wood thereby enhancing the security of the system. 
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submit that the skilled artisan would have been motivated against making such modification 
to Wood, and here's why: The Final Rejection correlates the "session cookie" of Wood to the 
"single identifier" of claim 1. However, in col. 8, lines 9-25, Wood describes using two 
separate identifiers within a session credentials structure to identify the session and the user, 
namely the "session id" and "principal id" of Wood. Also, Wood describes that there are 
additional user session and application variables, namely, "a trust level, group ids, a creation 
time, and expiration time." In Wood, the trust level is associated with the unique principal id 
and "serves as a basis for evaluating whether a principal associated with the session 
credentials has been authenticated to a sufficient level. . ." (emphasis added) Col. 8, lines 26- 
30. If the same id were used for the session and user, then this evaluation of user 
authentication using the trust level would not be possible because the user would not be able 
to be differentiated from the session. This is contrary to and teaches away from recitation in 
claim 1 that "the request including a single identifier used to identify both a session and a 
user for all user requests without further user and session application variables". For this 
reason, applicant respectfully asserts that the examiner has not presented a proper prima facie 
case of obviousness, and that in fact there is no teaching, suggestion, or motivation to 
combined Wood and Zhao as the examiner has proposed. 

Furthermore, modifying Wood to include the "single identifier ..." as recited by claim 
1 would render Wood unsatisfactory for its intended purpose (which is to identify 
session/user and authenticate trust level). This shows there is no suggestion to combine Wood 
and Zhao (see MPEP 2143.01V). 



Applicant believes that the remarks above are responsive to each point raised by the 
Examiner in the Office Action and applicant submits that claims 1-78 of the application are in 



CONCLUSION 
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condition for allowance. Should the Examiner have any questions, comments, or suggestions 
that would expedite the prosecution of the present case to allowance, Applicant's undersigned 
representative would very much appreciate a telephone conference to discuss these issues. 

Respectfully submitted, 



Date: November 30, 2006 



Woodcock Washburn LLP 
One Liberty Place - 46th Floor 
Philadelphia PA 19103 
Telephone: (215) 568-3100 
Facsimile: (215) 568-3439 




Michael D. Stein 
Registration No. 34,734 
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